(57) In view of the connection of a home network to an external network via a home router, and using a mechanism in which access from the same network is provided with a source MAC address whereas a source is rewritten to a MAC address of the router in the case of external access via the router, whether or not access is made from the home network is automatically identified by comparing a MAC address of a device on the other side of communication with a MAC address of the home router. It is capable of suitably managing so that a client terminal uses the contents legitimately acquired on a home server within the scope of private use allowed by the copyright law.

Description
Technical Field 

[0001] The present invention relates to a device-to-device authentication system, a device-to-device authentication method, a communication apparatus and a
computer program, for managing the use of the contents 
between devices such as music data, image data, digital 
data such as electronic publication, a motion picture or 
the like, which are distributed by a network or the like, 
in particular, to a device-to-device authentication sys- 
tem, a device-to-device authentication method, a com- 
munication apparatus and a computer program for man- 
aging the use of the contents within the scope of private 
use allowed by the copyright law. 
[0002] More specifically, the present invention relates 
to a device-to-device authentication system, a device- 
to-device authentication method, a communication ap- 
paratus and a computer program for managing the use 
of the contents within the scope of private use allowed 
by the copyright law on a home network connected to 
an external network via a router, in particular, to a de- 
vice-to-device authentication method, a communication 
apparatus and a computer program for managing so 
that each client terminal on the home network uses the 
contents legitimately acquired on a home server within 
the scope of private use allowed by the copyright law. 

Background Art 

[0003] Owing to the recent diffusion of the Internet, 
various digital contents including a computer file are ac- 
tively distributed on a network. Moreover, with the 
spread of a broadband communication network (xDSL 
(x Digital Subscriber Line), CATV (Cable TV), a wireless 
network or the like), a mechanism capable of transmit- 
ting the distribution of digital data such as music data, 
image data or electronic publication and even rich con- 
tents such as a motion picture without giving any stress- 
es to a user is now being arranged. 
[0004] On the other hand, the distributed contents are 
digital data, and therefore, an unauthorized operation 
such as copy or falsification can be relatively easy to 
perform. Moreover, a fraud such as the copy or the fal- 
sification of the contents is currently frequently commit- 
ted, which is a main cause of hampering the interest of 
a digital-content vendor. As a result, a vicious cycle that 
the price of the contents must be increased to result in 
the hindrance of diffusion is generated. 
[0005] For example, recently, the technology of a 
computer, a network or the like is steadily spreading to 
general households. An information device such as a 
personal computer for home use or a PDA (Personal 
Digital Assistants) and, in addition, various information 
home appliances such as a television set and a video 
playback device are interconnected via a home network. 
In many cases, such a home network is interconnected to an external broadband network including the Internet via a router. After the contents legitimately acquired from a server on the Internet are stored in a server on the home network (hereinafter, referred to as a "home server"), the contents are distributed via the home network to another in-home terminal (client).
[0006] Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized copy or falsification. On the other hand, an authorized user is allowed to copy the contents for private use, that is, for personal use, family use or other similar uses within a limited circle (see Copyright Law of Japan, Article 30).

[0007] If the scope of private use is applied to the above-described home network, the client terminal connected to the home network is supposed to be within the scope of personal use or family use. Therefore, it is considered that it is appropriate for the client terminal on the home network to make free use of the legitimately acquired contents in the home server (it is apparent that the number of terminals which can enjoy the contents is required to be limited to a certain number).
[0008] With a current technique, however, it is difficult to determine whether a client terminal logging into the home network is within the scope of private use or not.

[0009] For example, since the home network is interconnected to an external network via a router based on an IP protocol, the home server does not know where a client making access actually is. If the home server provides the contents to external (remote) access, the use of the contents is substantially unrestrained. Therefore, the copyright for the contents is almost unprotected. As a result, a content creator may lose the motivation of the creation.

[0010] Furthermore, if the home server allows the client terminal in the home network to use the contents in the same manner, the same client terminal logs into a plurality of home networks at time intervals. As a result, it can use the contents almost unrestrictedly.

[0011] On the other hand, if strict restrictions are imposed on the client terminal, a user cannot ensure the private use fundamentally allowed by the copyright law. As a result, the user cannot satisfactorily enjoy the contents. Accordingly, since the use of a home server or a content-distribution service is not well promoted, the development of content business itself may be impeded.
[0012] For example, in consideration of the fact that a user who legitimately purchases copyright work is allowed free use of it, a method for more easily obtaining consent from an owner of the rights to the contents for the copy and the use of information on a network by the user has been proposed (see, for example, Japanese Patent Application Publication No. 2002-73861). However, this method classifies users depending on the level of relation with the owner of the rights to the use of information and distributes the information by a different distribution method for each level of the relation. This method does not identify the extent of the scope of private use on the network.

[0013] Meanwhile, as a protocol constituting the home network, for example, UPnP (registered trademark) has been known. The UPnP allows easy network construction without any complicated operations and allows a content-providing service between network-connected devices without any difficult operations and setting. Moreover, the UPnP is advantageous in that it is not dependent on an operating system (OS) and the addition of a device is easy.

[0014] In the UPnP, network-connected devices exchange a definition file described in an XML (eXtensible Markup Language) format for mutual authentication. The outline of processing of the UPnP is as follows.

(1) Addressing process: its own device ID such as 
an IP address is acquired. 

(2) Discovery process: each device on a network is 
searched so as to acquire information such as de- 
vice type or a function contained in a response re- 
ceived from each device. 

(3) Service request process: a request is made for 
a service to each device based on information ac- 
quired by the discovery process. 

[0015] By such a processing procedure, a service can
be provided and received using network-connected de- 
vices. A device to be connected to the network acquires 
a device ID by the addressing process and acquires in- 
formation for other devices on the network by the dis- 
covery process, thereby enabling a service request. 
[0016] The contents stored in the home server can be 
accessed from other devices on the home network. For 
example, the contents can be acquired by a device implementing the UPnP connection. If the contents are video data or audio data, a TV or a player is connected as
a network-connected device so that a movie or music 
can be enjoyed. 

[0017] However, in the device within the home net- 
work, for example, in the home server, the contents re- 
quiring copyright management such as private contents 
or pay contents are stored. Therefore, it is necessary to 
consider the countermeasure against unauthorized ac- 
cess. 

[0018] It is natural that access from a device of a user
having the rights to the use (a license) of the contents 
is allowed. However, in a home network environment in- 
terconnected to the external network via a home router, 
even a user without a license can get into the home net- 
work. 

[0019] In order to exclude unauthorized access, for
example, the home server is made to have a list of cli- 
ents whose access is allowed so that collation with the 
list is executed each time access to the home server is 
requested from a client. In this way, unauthorized ac- 
cess can be excluded. 

[0020] For example, MAC address filtering is known, which uses a MAC (Media Access Control) address corresponding to a physical address unique to each communication apparatus to set it as an access-allowable device list. More specifically, a MAC address of each device whose access is allowed is registered on a router or a gateway for isolating the internal network such as the home network and the external network from each other. A MAC address assigned to a received packet and the registered MAC address are collated with each other. Access from a device with an unregistered MAC address is refused (see, for example, Japanese Patent Application Publication No. 10-271154).

[0021] In order to construct the access-allowable device list, however, it is necessary to check the MAC addresses of all the devices connected to the internal network. Moreover, efforts to input all the acquired MAC addresses so as to create a list are required. Furthermore, in the home network, a connected device is relatively frequently changed. Therefore, the access-allowable device list has to be modified for each such change.

Disclosure of the Invention 

[0022] An object of the present invention is to provide a preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably managing the use of the contents between devices on a home network connected to an external network via a router.

[0023] Another object of the present invention is to provide a preferable device-to-device authentication system, device-to-device authentication method, communication apparatus and computer program, which are capable of suitably managing so that each client terminal on a home network uses the contents legitimately acquired on a home server within the scope of private use allowed by the copyright law.

[0024] The present invention is devised in view of the above problems. A first aspect thereof is a device-to-device authentication system for authenticating a device on a home network connectable to an external network via a router, characterized by including: local environment management means for confirming whether or not another device making access to the device on the home network is present on the home network.

[0025] However, a "system" herein means a logical assembly of a plurality of apparatuses (or functional modules for realizing a specific function), and each apparatus or functional module may be or may not be present in a single box body.

[0026] Herein, one of the devices is a home server for legitimately acquiring the contents from the external network via the router or through package media or broadcast reception, whereas the other device is a client for making a request for the contents to the home server for use. After the confirmation of the presence of both the devices on the same home network, the home server provides the contents and/or issues a license for the contents to the client.

[0027] Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized copy or falsification. On the other hand, an authorized user is allowed to copy the contents for private use, that is, for personal use, family use or other similar uses in a limited circle.

[0028] Accordingly, in the present invention, on the assumption that a client terminal in the home network falls within the scope of private use, only a client under a local environment can use the contents stored on a home server.

[0029] Two or more home servers can be installed on the home network. In such a case, since client terminals on the same home network are under a local environment, each home server registers them as members to form a group in an independent manner so as to distribute the contents and to issue a license for the use of the contents. Furthermore, the client terminal can be registered as a member simultaneously on two or more home servers on the same home network to belong to a plurality of groups and can acquire a license of the contents from each of the home servers.

[0030] Also in this case, since the client terminal is under a local environment for each of the home servers and therefore is supposed to fall within the scope of personal or family use, it is appropriate for it to make free use of the contents of each of the home servers in the local environment.

[0031] On the other hand, even if the client terminal can be registered on a plurality of home servers as a member at the same time, it should not be allowed to belong to a plurality of groups of home servers over a plurality of home networks at time intervals. This is because the connection to another home network corresponds to the move of the client terminal to a remote environment for the first connected home network or the connection to one home network is equivalent to the presence of the client terminal in a remote environment for the other home networks.

[0032] Therefore, a client can use the contents acquired from a plurality of home servers on the same home network. However, upon connection to a home server on another home network, the client cannot use the contents acquired from home servers on the home networks other than said other home network.
[0033] The local environment management means can confirm the presence or the absence of a device making an access request on the same home network by, for example, the identification or the non-identification of a MAC address of a device making an access request with a MAC address of a router set as a default gateway.

[0034] The home network is connected to the external network via the home router. If access is made from the same network, a source MAC address is assigned thereto. In the case of external access via the router, however, a source is rewritten to the MAC address of the router. Using such an existing mechanism of an IP protocol, a MAC address of the device on the other side of communication is compared with the MAC address of the home router so as to automatically identify if it is access from the home network.

[0035] Alternatively, the local environment manage- 
ment means can confirm the presence or the absence 
on the same home network based on whether or not the 
respective devices share the same identification infor- 
mation regarding the home network. 
[0036] For example, each of the devices acquires the 
MAC address of the router set as the default gateway 
as identification information regarding the home net- 
work. The presence or the absence on the home net- 
work is confirmed based on whether or not the devices 
have the MAC address of the same default gateway. 
[0037] Alternatively, a local environment manage- 
ment apparatus for supplying network identification in- 
formation is installed on the home network so that each 
device acquires a MAC address of the local environment 
management apparatus as identification information re- 
garding the home network. The presence or the ab- 
sence on the same network can be confirmed based on 
whether or not the devices have the MAC address of the 
same local environment management apparatus. 
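
The following is an added example, not code from the patent: a Python sketch of the home server's locality check described in [0033] to [0036], where a request whose source MAC equals the default gateway's MAC is treated as remote and refused registration. The function names, the return strings, the member cap of 4 and the sample MAC addresses are assumptions made for illustration.

```python
"""Added example: the locality checks of paragraphs [0033]-[0036]."""
import struct

ETH_HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def normalize_mac(text):
    """Return a MAC as aa:bb:cc:dd:ee:ff, accepting ':', '-' or '.' separators."""
    digits = text.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_frame(dst_mac, src_mac, ethertype=0x0800, payload=b""):
    """Construct a sample Ethernet II frame (used only to make test input)."""
    def raw(mac):
        return bytes.fromhex(normalize_mac(mac).replace(":", ""))
    return raw(dst_mac) + raw(src_mac) + struct.pack("!H", ethertype) + payload


def parse_ethernet_header(frame):
    """Return (destination MAC, source MAC, EtherType) of an Ethernet II frame."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("truncated Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    return normalize_mac(dst.hex()), normalize_mac(src.hex()), ethertype


def is_local_access(frame, gateway_mac):
    """[0033]/[0034]: a request relayed by the router arrives with the router's
    MAC as its source, so any other source MAC means the sender is on-link."""
    _, src, _ = parse_ethernet_header(frame)
    return src != normalize_mac(gateway_mac)


def shares_gateway(own_gateway_mac, peer_gateway_mac):
    """[0036]: both devices hold the MAC address of the same default gateway."""
    return normalize_mac(own_gateway_mac) == normalize_mac(peer_gateway_mac)


class HomeServer:
    """Member registration gated on the locality check, with a member cap."""

    def __init__(self, gateway_mac, max_members=4):  # cap value is an assumption
        self.gateway_mac = normalize_mac(gateway_mac)
        self.max_members = max_members
        self.members = set()

    def register(self, frame):
        """Decide on a registration request carried in the given frame."""
        _, src, _ = parse_ethernet_header(frame)
        if not is_local_access(frame, self.gateway_mac):
            return "refused-remote"      # came in through the home router
        if src in self.members:
            return "already-member"
        if len(self.members) >= self.max_members:
            return "refused-limit"       # number of terminals is limited
        self.members.add(src)
        return "registered"


# Constructed sample addresses (00:00:5e:00:53:xx is the documentation range).
GATEWAY_MAC = "00:00:5e:00:53:01"
SERVER_MAC = "00:00:5e:00:53:10"
CLIENT_A = "00:00:5e:00:53:20"
CLIENT_B = "00:00:5e:00:53:21"

LOCAL_FRAME_A = build_frame(SERVER_MAC, CLIENT_A)    # client A on the home LAN
LOCAL_FRAME_B = build_frame(SERVER_MAC, CLIENT_B)    # client B on the home LAN
ROUTED_FRAME = build_frame(SERVER_MAC, GATEWAY_MAC)  # request forwarded by the router

if __name__ == "__main__":
    server = HomeServer(GATEWAY_MAC, max_members=1)
    for name, frame in [("routed", ROUTED_FRAME), ("A", LOCAL_FRAME_A),
                        ("A again", LOCAL_FRAME_A), ("B", LOCAL_FRAME_B)]:
        print(f"{name:8s} -> {server.register(frame)}")
```
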
[0038] A second aspect of the present invention is a 
computer program described in a computer-readable 
format so as to execute a process for authenticating a 
device, on a home network connected to an external 
network via a router, on which a home server for legiti- 
mately acquiring the contents from the external network 
and a client making a request for the contents for use 
are present, the computer program characterized by in- 
cluding: a local environment management step of con- 
firming whether or not the home server and the client 
are present on the home network; and a content-provi- 
sion step of providing the contents and/or issuing a li- 
cense for the contents to the client by the home server 
in response to the confirmation of the presence of both 
the devices on the same home network by the local en- 
vironment management step. 

[0039] The computer program according to the sec- 
ond aspect of the present invention defines a computer 
program described in a computer-readable format so as 
to realize a predetermined process on a computer sys- 
tem. In other words, the computer program according to 
the second aspect of the present invention is installed 
on a computer system, so that a cooperative function is 
demonstrated on the computer system. As a result, the 
same effects as those of the device-to-device authenti- 
cation system according to the first aspect of the present 
invention can be obtained. 

[0040] The other objects, features and advantages of 
the present invention will be apparent from the detailed 
description based on the following embodiments of the 
present invention and the accompanying drawings.

Brief Description of Drawings

[0041]

Fig. 1 is a diagram schematically showing a basic structure of a home network;

Fig. 2 is a diagram showing an exemplary structure of a home network on which two home servers are present;

Fig. 3 is a diagram showing a state where a client terminal is connected to a plurality of home networks;

Fig. 4 is a diagram schematically showing a structure of a home network according to one embodiment of the present invention;

Fig. 5 is a diagram schematically showing a structure of a home network according to another embodiment of the present invention;

Fig. 6 is a diagram schematically showing a hardware structure of a host apparatus connected to the home network as a server, a client or the like;

Fig. 7 is a diagram showing an operation sequence on a home network according to the present invention;

Fig. 8 is a diagram showing a structure of a local environment management table;

Fig. 9 is a flowchart showing a processing procedure for use of the contents on a client terminal;

Fig. 10 is a diagram showing a variation of the home network illustrated in Fig. 4;

Fig. 11 is a diagram showing an operation sequence on a home network according to the present invention; and

Fig. 12 is a diagram showing a variation of Fig. 10.

Best Mode for Carrying Out the Invention

[0042] Hereinafter, embodiments of the present in- 
vention will be described in detail with reference to the 
drawings. 

[0043] Under the copyright law, the contents as copyright work are protected against unauthorized use such as unauthorized copy or falsification. On the other hand, an authorized user is allowed to copy the contents for private use, that is, for personal use, family use or other similar uses in a limited circle (see Copyright Law of Japan, Article 30).

[0044] On the assumption that a client terminal in a home network (hereinafter, also referred to as a "local environment") falls within the scope of private use, the inventors of the present invention propose a system in which only a client under the local environment can use the contents stored on a home server.
[0045] Herein, the definition of the local environment 
will be described. 

[0046] Fig. 1 schematically shows a basic structure of a home network. As shown in the drawing, a home network installed in the home is connected to an external network such as the Internet via a home router.

[0047] On the home network, a home server and at least one client terminal are present. The home server legitimately acquires and stores the contents from a content server on the external network via the home router to distribute the contents in the home. It is apparent that the home server can acquire the contents by means other than the network, such as package media or broadcast reception. Each client terminal makes a request for desired contents to the home server so as to acquire them for use.

[0048] The client terminals connected to the home network are present under the local environment, and it is supposed that they are within the scope of personal or family use. Therefore, it is considered that it is appropriate for the client terminals on the home network to make free use of the contents legitimately acquired on the home server. Accordingly, the home server registers the client terminals under the local environment as members and issues a license for the contents distribution and the use of the contents. It is apparent that the number of terminals capable of enjoying the contents is required to be limited to a certain number because unlimited connection by the client is not allowable.

[0049] Under the local environment, the client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use.

[0050] On the other hand, a client terminal that is not present on the home network, that is, in a remote environment, is not considered to be within the scope of personal or family use. If the client terminal in the remote environment is allowed to use the contents, the use of the contents is substantially unrestrained. As a result, the copyright for the contents is almost unprotected. Therefore, the home server neither registers the client in the remote environment as a member nor issues a license of the contents.

[0051] In the example shown in Fig. 1, only one home server is present on the home network. However, it is apparent that two or more home servers may be installed on the same home server so that each of the home servers independently provides a distribution service of the contents in the home network.

[0052] Fig. 2 shows an exemplary structure of the home network on which two home servers are present.

[0053] In this case, since client terminals on the same home network are under a local environment, each of the home servers independently registers them as members to form a group so as to distribute the contents and to issue a license for the use of the contents. The client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use.

[0054] Furthermore, the client terminal can be registered simultaneously on two or more home servers on the same home network as a member to belong to a plurality of groups and can acquire a license of the contents from each of the home servers. In this case, the client terminal is also present under the local environment for the respective home servers and therefore it is supposed that it is within the scope of personal or family use. Therefore, it is considered that it is appropriate for the client to make free use of the contents of each of the home servers in the local environment.

[0055] On the other hand, even if the client terminal can be registered on a plurality of home servers as a member at the same time, it should not be allowed to belong to a plurality of groups of home servers over a plurality of home networks at time intervals (see Fig. 3).

[0056] This is because the connection to another home network corresponds to the move of the client terminal to a remote environment for the first connected home network or the connection to one home network is equivalent to the presence of the client terminal in a remote environment for the other home networks. The local environment is within the personal or family scope, whereas the remote environment departs from the personal or family scope.

[0057] It is technically possible for the client terminal to be connected to a plurality of home networks at time intervals. However, if the use of the contents is successively allowed with the connection, the use of the contents is substantially unrestrained. As a result, the copyright for the contents is almost unprotected.

[0058] Summarizing the above, in order to realize a local environment that is supposed to be within the scope of personal or family use on the home network, the following are derived as necessary conditions.

(1) The home server does not allow member regis- 
tration from outside of the home network; and 

(2) When two or more home servers are present in 
the same home network, member registration and 
group management are performed for each of the 
home servers. Each of the clients on the home net- 
work can be registered on two or more home serv- 
ers. However, the home servers simultaneously ac- 
cepting the registration must be present in the same 
home network. 

[0059] In order to realize such a local environment, a 
mechanism for identifying whether or not the home serv- 
er and the client terminal are present on the same home 
network is required between them. 
[0060] A current network protocol does not provide any mechanism for identifying a network, such as a home network, by segment. Therefore, in view of the connection of the home network to the external network via the home router, and using an existing mechanism of an IP protocol in which access from the same network is provided with a source MAC address whereas a source is rewritten to a MAC address of a router in the case of external access via a router, the inventors of the present invention propose a method of automatically identifying if access is made from the home network by comparing a MAC address of the device on the other side of communication with a MAC address of the home router.

[0061] Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[0062] Fig. 4 schematically shows a structure of a home network according to an embodiment of the present invention.

[0063] A home network installed in the home is connected to a WAN such as the Internet or another LAN via a home router. The home router is set as a default gateway of the home network.

[0064] The home network is constituted by, for example, connecting a LAN cable of a host apparatus such as a home server or a client terminal to a hub (concentrator).

[0065] The host apparatuses on the home network, such as the home server, the client terminal and the home router, and a host apparatus on the external network have MAC addresses, each being unique to a device. The host apparatus transmits and receives a packet including header information containing a destination MAC address and a source MAC address, for example, an Ethernet (registered trademark) frame via the network.

[0066] The host apparatuses on the home network, such as the home server and the client terminal, are constituted as, for example, UPnP-compatible devices. In this case, the addition and the deletion of a connected device to/from the network are easy. A device to be connected to the network can enjoy service on the home network such as the use of the contents in accordance with the following procedure.

(1) Addressing process: its own device ID such as an IP address is acquired.

(2) Discovery process: each device on a network is searched so as to acquire information such as device type or a function contained in a response received from each device.

(3) Service request process: A request for a service is made to each device based on information acquired by the discovery process.

[0067] On the home network, a local environment that is supposed to be within the scope of personal or family use is formed. Therefore, the home server legitimately acquires and stores the contents from a content server on the external network via the home router to distribute the contents in the home. Each of the client terminals is allowed to make a request for desired contents to the home server and acquires them for use.

[0068] Under the local environment, the client terminal acquires the contents from the home server and uses the contents such as for copy or streaming. Furthermore, it can take the contents out of the local environment (into the remote environment) for use.
[0069] Fig. 5 schematically shows a structure of a 
home network according to another embodiment of the 
present invention. 

[0070] The home network is connected to a WAN 
such as the Internet or another LAN via the home router. 
In this case, the home router is also set as a default gate- 
way of the home network. 

[0071] This differs from Fig. 4 in that two home servers are present on the home network. The respective home servers may be simultaneously present on the home network or may be connected at a time interval.

[0072] In this case, since the client terminals on the same home network are under the local environment, each of the home servers registers them as members to form a group so as to distribute the contents and to issue a license for the use of the contents. The client terminal acquires the contents from the home server, uses the contents such as for copy or streaming and can also take the contents out of the local environment (into a remote environment) for use. Furthermore, the client terminal can be registered simultaneously on two or more home servers on the same home network as a member to belong to a plurality of groups and can acquire a license of the contents from each of the home servers.

[0073] Fig. 6 schematically shows a hardware structure of a host apparatus connected to the home network as a server, a client or the like.

[0074] The system is constituted mainly of a proces- 
sor 10. The processor 10 executes various processes 
based on a program stored in a memory. The processor 
controls various peripheral devices connected through 
a bus 30. The peripheral devices connected to the bus 
30 are as follows. 

[0075] A memory 20 is constituted of a semiconductor 
memory, for example, a DRAM (Dynamic RAM) or the 
like and is used to load a program code executed in the 
processor 10 or to temporarily store operation data of
an execution program. 

[0076] A display controller 21 generates a display im- 
age in accordance with a draw command sent from the 
processor 10 and transmits it to a display device 22. The
display apparatus 22 connected to the display controller
displays and outputs the image on a screen in accord-
ance with display image information transmitted from
the display controller 21.

[0077] An input/output interface 23, to which a key- 
board 24 and a mouse 25 are connected, transfers an 
input signal from the keyboard 24 or the mouse 25 to 
the processor 10. 

[0078] A network interface 26 is connected to the ex- 
ternal network such as a LAN and the Internet and con- 
trols data communication through the Internet. Specifi-
cally, it transfers data transmitted from the processor 10
to another apparatus on the Internet and receives data 
transmitted through the Internet so as to pass it to the 
processor 10. 

[0079] A hard disk drive (HDD) controller 27, to which
a high-capacity external storage apparatus 28 such as
an HDD is connected, controls the input and output of
data to the HDD 28 to which the HDD controller 27 is
connected. The HDD 28 stores a program of an operat-
ing system (OS), an application program, a driver pro-
gram and the like to be executed by the processor. The
application program is, for example, a server application
for authenticating each client terminal on the home net-
work as the home server or for providing the contents
or issuing a license, a client application for use of the
contents such as for reproduction of the contents pro-
vided by the server or the like, and the like.
[0080] In order to constitute the host apparatus, a
large number of electric circuits or the like are required
in addition to those illustrated in Fig. 6. However, since
they are known to those skilled in the art and do not con-
stitute the gist of the present invention, they are omitted
in this specification. Moreover, it should be understood
that each connection between hardware blocks in the
drawing is only partially illustrated in order to avoid the
complication of the drawing.

[0081] Fig. 7 shows an operation on the home net- 
work according to this embodiment. It is assumed that 
at least a client terminal, two home servers and a home 
router are present on the network and the home router
is set as the default gateway. 

[0082] The client terminal acquires the contents from 
the home server and uses the contents such as for copy 
or streaming. Prior to the start of a content-distribution
service, each home server acquires a MAC address of
the default gateway from the home router.
[0083] For access to the server, the client terminal first
acquires the MAC address of the default gateway and
transmits an access request with the acquired MAC ad-
dress to the server.

[0084] The server, to which the access request is
made, fetches the source MAC address from a request
packet and compares it with the MAC address of the
default gateway which is acquired in advance by itself.
If it is access from the same network, the source MAC
address is assigned thereto. However, if it is external
access via the router, the source is rewritten to the MAC
address of the router. Therefore, based on the identifi-
cation or non-identification of the source MAC address
with the MAC address of the default gateway, it can be
easily determined whether or not the request-source cli-
ent is on the same network, that is, in the local environ-
ment. If it is in the local environment, the requested con-
tents are distributed and a license thereof is issued.
However, if it is not in the local environment, the request
is refused. The use of the contents is allowed between
the devices only in the thus formed local environment,
thereby effectively restraining the unauthorized distribu-
tion of the contents.

[0085] Upon reception of a response packet from the
request-destination server, the client terminal fetches
the MAC address and a server name of the server and
stores them with the MAC address of the default gate-
way acquired prior to the access request as a set in the
local environment management table.
[0086] Fig. 8 schematically shows a structure of the 
local environment management table. In the illustrated 
local environment management table, a record is en- 
tered each time a request for the contents is made to a 
new server. In each record, a LASTflag : a network iden- 
tification ID, and a MAC address and a server name of 
a server are stored. As the network identification ID, the 
MAC address of the default gateway acquired prior to 
the access to the server is described. As the LAST flag, 
a flag is set to a record of the last accessed server. 
[0087] The example illustrated in Fig. 8 shows a his- 
tory of the client terminal making access to a server S1 
on a home network connected to a home router A, ac- 
cess to a server S2 on the home network connected to 
the home router A, and access to a server S3 on a home 
network connected to a home router B. The last access 
made by the client terminal is to the server S2 on the 
home network connected to the home router A. 
[0088] The client terminal can be registered simulta- 
neously on two or more home servers on the same 
home network as members to belong to a plurality of 
groups and can acquire a license for the contents from 
each of the home servers. This is because, in this case,
the client terminal is present under the local environ- 
ment for each of the home servers and therefore is sup- 
posed to be within the scope of personal or family use. 
[0089] On the other hand, if the client terminal is con- 
nected to another home network at a time interval, it cor- 
responds to a move of the client terminal to a remote 
environment for the first connected home network at that
time. The collation of the MAC address of the default 
gateway obtained by the client terminal upon access to 
the server on the local environment management table 
allows the determination of the movement between the 
home networks. 

[0090] The client terminal acquires the contents from 
the home server, uses the contents such as for copy or 
streaming and can further take the contents out of the 
local environment (into a remote environment) for use. 
However, it is not allowable to connect to a plurality of 
home networks at time intervals so as to use the se- 
quentially acquired contents in an unrestrained manner. 
Therefore, in this embodiment, the use of the contents 
on the client terminal is limited to those acquired from 
the currently connected home network. 
[0091] The LAST flag in the local environment man- 
agement table shown in Fig. 8 indicates the last ac- 
cessed home server. In this embodiment, it is defined 
that the home network on which the last accessed home 
server is present is the current local environment for the
client terminal. Therefore, it is supposed that the home 
server having the MAC address of the same default 
gateway as that of the home server to which the LAST 
flag is assigned is present in the local environment. 
[0092] Fig. 9 shows a processing procedure for the
use of the contents on the client terminal in the form of
a flowchart. When the contents are to be used (repro-
duced) on the client terminal, the local environment
management table is referred to so as to determine
whether or not there are any other servers having the
MAC address of the same default gateway as that of the
record to which the LAST flag is set (step S1). The con-
tents acquired from the server having the same MAC
address are rendered available (step S2), whereas the
contents acquired from the other servers are rendered
unavailable (step S3).
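
The server-side comparison of [0084] and the client-side table and Fig. 9 procedure of [0086] to [0092] can be sketched as follows. This is an added example, not code from the patent; the MAC addresses, the function and class names, the chronological access order (chosen so that S2 is accessed last, as in Fig. 8) and the handling of a known server seen behind a different gateway are assumptions.

```python
"""Added illustration of paragraphs [0084] to [0092]; not code from the patent."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample addresses (locally administered range), not from the page.
ROUTER_A = "02:00:00:00:0a:01"
ROUTER_B = "02:00:00:00:0b:01"
CLIENT = "02:00:00:00:00:c1"
S1, S2, S3 = "02:00:00:00:00:51", "02:00:00:00:00:52", "02:00:00:00:00:53"


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so 02-00-.., 0200.0000.. and 02:00:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def server_accepts(source_mac: str, gateway_mac: str) -> bool:
    """[0084]: a request whose source MAC is the default gateway's MAC was
    forwarded by the router, so the requester is outside the local environment."""
    return norm_mac(source_mac) != norm_mac(gateway_mac)


@dataclass
class Record:
    network_id: str     # MAC of the default gateway acquired before the access
    server_mac: str
    server_name: str
    last: bool = False  # LAST flag: set only on the last accessed server


class LocalEnvironmentTable:
    """Client-side local environment management table of Fig. 8."""

    def __init__(self) -> None:
        self.records: List[Record] = []

    def record_access(self, gateway_mac: str, server_mac: str,
                      server_name: str) -> Record:
        gw, srv = norm_mac(gateway_mac), norm_mac(server_mac)
        for rec in self.records:
            rec.last = False
        for rec in self.records:
            if rec.server_mac == srv:
                # Assumption: the page only covers new servers. A known server
                # seen behind a different gateway takes the newest network ID.
                rec.network_id, rec.server_name, rec.last = gw, server_name, True
                return rec
        rec = Record(gw, srv, server_name, last=True)
        self.records.append(rec)
        return rec

    def current_network(self) -> Optional[str]:
        """Network ID of the record carrying the LAST flag ([0091])."""
        for rec in self.records:
            if rec.last:
                return rec.network_id
        return None

    def availability(self) -> Dict[str, bool]:
        """Fig. 9: S1 finds records sharing the LAST record's gateway MAC,
        S2 makes their contents available, S3 makes the rest unavailable."""
        current = self.current_network()
        return {r.server_name: current is not None and r.network_id == current
                for r in self.records}


def replay_fig8_history() -> List[Dict[str, bool]]:
    """Replay the Fig. 8 history; return the availability after each access."""
    table = LocalEnvironmentTable()
    snapshots = []
    for gw, mac, name in [(ROUTER_A, S1, "S1"), (ROUTER_A, S2, "S2"),
                          (ROUTER_B, S3, "S3"), (ROUTER_A, S2, "S2")]:
        table.record_access(gw, mac, name)
        snapshots.append(table.availability())
    return snapshots


if __name__ == "__main__":
    print("local client accepted:", server_accepts(CLIENT, ROUTER_A))
    print("router-forwarded request accepted:", server_accepts(ROUTER_A, ROUTER_A))
    for step, snap in enumerate(replay_fig8_history(), 1):
        print(step, snap)
```

The same table serves the embodiment of Fig. 10 if the MAC address of the local identification apparatus is stored as the network ID, as [0101] describes. The decision is only as trustworthy as the MAC addresses being compared, which is why [0105] presupposes that they are difficult to falsify.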

[0093] In the above-described embodiment, using the
existing mechanism of the IP protocol that the source
MAC address is assigned to the access from the same
network while the source is rewritten to the MAC ad-
dress of the router in the case of the external access via
the router, the access is automatically identified to be
that from the home network or not by comparing the
MAC address of the one in communication with the MAC
address of the home router. However, a method of iden-
tifying the presence of the host apparatus on the same
home network is not limited thereto.
[0094] Fig. 10 shows a variation of the home network
shown in Fig. 4. In the illustrated example, the home net-
work is connected to a WAN such as the Internet or to
another LAN via the home router. Although the home
router is set as the default gateway of the home network,
it is optional.

[0095] The home network is constituted by connect-
ing a LAN cable of the host apparatus such as the home
server or the client terminal to the hub. This embodiment
differs from Fig. 4 in that a local identification apparatus
for imparting the identification function to the home net-
work is connected to the home network.
[0096] The local environment that is supposed to be
within the scope of personal or family use is formed on
the home network. Therefore, the home server legiti-
mately acquires and stores the contents from the con-
tent server on the external network via the home router
so as to distribute the contents in home. Each client ter-
minal is allowed to make a request for desired contents
to the home server and acquires them for use (idem).
[0097] Fig. 11 shows an operation on the home net- 
work illustrated in Fig. 10. 

[0098] The client terminal acquires the contents from
the home server to use the contents such as for copy
and streaming. Prior to the start of a content-distribution
service, each home server acquires a MAC address of
the local identification apparatus.

[0099] For access to the server, the client terminal first
acquires the MAC address of the local identification ap-
paratus and transmits an access request with the ac-
quired MAC address to the home server.
[0100] The server, to which the access request is
made, fetches the MAC address of the local identifica-
tion apparatus from the request packet and compares it
with the MAC address of the local identification appara-
tus acquired in advance by itself. Then, it is determined
in a simple manner whether or not the request-source
client is on the home network, that is, in the local envi-
ronment based on the identification or the non-identifi-
cation of the two MAC addresses. In the case where it
is in the local environment, the requested contents are
distributed and a license thereof is issued. In the case
where it is not in the local environment, the request is
refused. The use of the contents between the devices
only in the thus formed local environment is allowed, so
that the unauthorized distribution of the contents can be
effectively restrained.
[0101] Upon reception of a response packet from the
request-destination server, the client terminal fetches
the MAC address and the server name of the server and
stores them with the MAC address of the local identifi-
cation apparatus acquired prior to the access request
as a set in the local environment management table. In
each record of the local environment management table
in this case, the MAC address of the local identification
apparatus is described in place of the MAC address of
the default gateway.
[0102] Fig. 12 shows a variation of the home network
illustrated in Fig. 10. As illustrated, in addition to being
connected to the home network as a dedicated device,
the local identification apparatus can be constituted to
be incorporated into the home router or another host ap-
paratus on the home network.

[0103] As a necessary condition of the local identifi-
cation apparatus, the constant response to a request
from the client terminal can be given. For this reason, it
is preferred that the local identification apparatus is al-
ways powered ON and at least one local identification
apparatus exists in home. Since the home server is, for
example, a TV set or a video recording/playback appa-
ratus and these devices are not necessarily constantly
activated (the local environment cannot be confirmed
because they are not powered ON), it is not satisfactory
as a requirement for the local identification apparatus.
On the other hand, since each household has one re-
frigerator and the refrigerator is always powered ON, it
satisfies the requirement as the local identification ap-
paratus. In addition, since the refrigerator is heavy and
therefore is fixed and unmovable, the secondary effect
that it is difficult to take it out to commit a fraud can be
obtained.

[0104] Moreover, two or more local identification ap-
paratuses may be present on a single home network. In
this case, the client terminal specifies the local identifi-
cation apparatus to make a request for authentication.
On the contrary, the server specifies the local identifica-
tion apparatus to make a request for authentication. Al-
ternatively, the client terminal makes a request for au-
thentication to the local identification apparatus while
specifying the server so that the local identification ap-
paratus performs the authentication with the server.
[0105] The collation of the MAC addresses of the de-
vices is used for the authentication between the devices
in the embodiment described in this specification; it is
presupposed that the home router and the local identi-
fication apparatus have the MAC addresses in such a
form that is difficult to falsify by using encryption
means.

Supplement 

[0106] The present invention has been described in 
detail above with reference to specific embodiments. 
However, it is obvious that those skilled in the art can 
modify or substitute the embodiments without departing 
from the gist of the present invention. Specifically, the 
present invention is disclosed only by way of example, 
and therefore the description of the specification should 
not be read as limitative. In order to determine the gist 
of the present invention, the claims should be taken into 
consideration. 

Industrial Applicability 

[0107] According to the present invention, preferable 
device-to-device authentication system, device-to-de- 
vice authentication method, communication apparatus 
and computer program, which are capable of suitably 
managing the use of the contents between devices on 
a home network connected to an external network via a 
router, can be provided. 

[0108] Moreover, according to the present invention, 
preferable device-to-device authentication system, de- 
vice-to-device authentication method, communication 
apparatus and computer program, which are capable of 
suitably managing so that each client terminal on a 
home network uses the contents legitimately acquired 
on a home server within the scope of private use allowed 
by the copyright law, can be provided. 
[0109] According to the present invention, the use of 
the contents is allowed between devices only in a local 
environment, so that the unauthorized distribution of the 
contents can be effectively restrained.

Claims 

1. A device-to-device authentication system for au- 
thenticating a device on a home network connect- 
able to an external network via a router, character- 
ized by comprising: 

local environment management means for con-
firming whether or not another device access-
ing to said device on said home network is 
present on said home network. 

2. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

one of said devices is a home server for legiti- 
mately acquiring contents, whereas the other 
of said devices is a client for making a request 
for said contents to said home server for use;

wherein, in response to confirmation of pres- 
ence of both devices on said same home network, 
said home server provides said contents and/or is- 
sues a license for said contents to said client. 

3. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

two or more home servers are able to be in- 
stalled on said home network; 

wherein each of said home servers provides 
said contents and/or issues a license for said con- 
tents to said clients that is confirmed to be present 
on said same home network. 

4. The device-to-device authentication system ac- 
cording to claim 3, characterized in that:

said client is able to receive provision of said 
contents and/or issuance of said license for 
said contents from said two or more home serv- 
ers on said same home network. 

5. The device-to-device authentication system ac- 
cording to claim 3, characterized in that: 

said client is able to use said contents acquired 
from a plurality of home servers on said same 
home network, and, upon connection to a home 
server on an other home network, said client is 
not able to use said contents acquired from said 
home servers on said home networks other 
than said other home network. 

6. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

said local environment management means 
confirms whether or not a request-source de- 
vice of access is present on said same home 
network based on whether or not a MAC ad- 
dress of said request-source device is identi- 
fied or non-identified with a MAC address of a 
router set as a default gateway. 

7. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

said local environment management means 
confirms whether or not each of said devices is 
present on said same home network based on 
whether or not each of said devices shares the 
same identification information regarding said 
home network. 



8. The device-to-device authentication system ac- 
cording to claim 7, characterized in that: 

each of said devices acquires a MAC address
of said router set as a default gateway as iden-
tification information regarding said home net-
work; and

whether or not each of said devices is present
on said same home network is confirmed based
on whether or not each of said devices has a
MAC address of said same default gateway.

9. The device-to-device authentication system ac- 
cording to claim 7, characterized in that: 

a local environment management apparatus for
supplying network identification information is
installed on said home network; and
each of said devices acquires a MAC address
of said local environment management appa-
ratus as identification information regarding
said home network; and
whether or not each of said device is present
on said same home network is confirmed based
on whether or not each of said devices has a
MAC address of said same local environment
management apparatus.

10. A device-to-device authentication method for au-
thenticating a device on a home network connect-
able to an external network via a router, character-
ized by comprising:

a local environment management step of con-
firming whether or not another device access-
ing to said device on said home network is
present on said home network.

11. The device-to-device authentication method ac-
cording to claim 10, characterized in that:

one of said devices is a home server for legiti-
mately acquiring contents, whereas the other
of said devices is a client for making a request
for said contents to said home server for use;

wherein, in response to confirmation of pres-
ence of both devices on said same home network
in said local environment management step, said
home server provides said contents and/or issues
a license for said contents to said client.

12. The device-to-device authentication method ac- 
cording to claim 10, characterized in that: 

two or more home servers are able to be in-
stalled on said home network;

wherein each of said home servers provides
said contents and/or issues a license for said con- 
tents to said clients that is confirmed to be present 
on said same home network. 

13. The device-to-device authentication method ac- 
cording to claim 12, characterized in that:

said client is able to receive provision of said 
contents and/or issuance of said license for 
said contents from said two or more home serv- 
ers on said same home network. 

14. The device-to-device authentication method ac- 
cording to claim 12, characterized in that: 

said client is able to use said contents acquired 
from a plurality of home servers on said same 
home network, and, upon connection to a home
server on an other home network, said client is 
not able to use said contents acquired from the 
said home servers on said home networks oth- 
er than said other home network. 

15. The device-to-device authentication method ac- 
cording to claim 10, characterized in that: 

in said local environment management step, 
whether or not a request-source device of ac- 
cess is present on said same home network is 
confirmed based on whether or not a MAC ad- 
dress of said request-source device is identi- 
fied or non-identified with a MAC address of a 
router set as a default gateway. 

16. The device-to-device authentication method ac- 
cording to claim 10, characterized in that: 

in said local environment management step, 
whether or not each of said devices is present 
on said same home network is confirmed based 
on whether or not each of said devices shares 
the same identification information regarding 
said home network. 

17. The device-to-device authentication method ac- 
cording to claim 16, characterized in that: 

in said local environment management step, 
each of said devices acquires a MAC address 
of said router set as a default gateway as iden- 
tification information regarding said home net- 
work; and 

whether or not each of said devices is present 
on said same home network is confirmed based 
on whether or not each of said devices has a 
MAC address of said same default gateway. 

18. The device-to-device authentication method ac-
cording to claim 16, characterized in that: 

a local environment management apparatus for 
supplying network identification information is 
installed on said home network; and 
in said local environment management step, 
each of said devices acquires a MAC address 
of said local environment management appa- 
ratus as identification information regarding 
said home network; and
whether or not each of said device is present 
on said same home network is confirmed based 
on whether or not each of said devices has a 
MAC address of said same local environment 
management apparatus. 



19. A communication apparatus for operating on a
home network connectable to an external network
via a router, characterized by comprising:

local environment management means for con-
firming whether or not another device access-
ing via a home network connected said com-
munication apparatus is present on said same
home network.


20. The communication apparatus according to claim 
19, 

characterized in that: 

said communication apparatus operates as a 
home server for providing contents on said net- 
work; and

wherein said communication apparatus fur- 
ther comprises content-provision means for provid- 
ing said contents and/or issuing a license for said 
contents only to a device confirmed to be present 
on said same home network by said local environ- 
ment management means. 

21. The communication apparatus according to claim 
19, 

characterized in that: 

said communication apparatus operates as a 
client for making a request for contents to a 
home server for use on said network;

wherein said communication apparatus fur- 
ther comprises content-using means for receiving 
provision of said contents and/or issuance of a li- 
cense for said contents only from a home server 
confirmed to be present on said same home net- 
work by said local environment management 
means. 

22. The communication apparatus according to claim
21, 

characterized in that: 

two or more home servers are able to be in- 
stalled on said home network; 

wherein said content-using means receives 
provision of said contents and/or issuance of a li-
cense for said contents only from two or more home
servers confirmed to be present on said same home
network by said local environment management 
means. 

23. The communication apparatus according to claim 

21, 

characterized in that: 

said content-using means is able to use said 
contents acquired from a plurality of home serv- 
ers on said same home network, and, upon 
connection to a home server on an other home 
network, said client is not able to use said con- 
tents acquired from the said home servers on 
said home networks other than said other home
network. 

24. The communication apparatus according to claim 
19, 

characterized in that: 

said local environment management means 
confirms whether or not a request-source de- 
vice of access is present on said same home 
network based on whether or not a MAC ad- 
dress of said request-source device of access- 
ing is identified or non-identified with a MAC ad- 
dress of a router set as a default gateway. 

25. The communication apparatus according to claim 
19, 

characterized in that:

said local environment management means 
confirms whether or not each of said devices is 
present on said same home network based on 
whether or not each of said devices shares the 
same identification information regarding said 
home network. 

26. The communication apparatus according to claim 

25, 

characterized in that: 

said local environment management means 
acquires a MAC address of said router set as 
a default gateway as identification information 
regarding said home network; and 



whether or not a device on other side of com- 
munication is present on said same home net- 
work is confirmed based on whether or not said 
device on other side of communication has a 
MAC address of said same default gateway.

27. The communication apparatus according to claim 
25, 

characterized in that: 

a local environment management apparatus for
supplying network identification information is
installed on said home network; and
said local environment management means
acquires a MAC address of said local environ-
ment management apparatus as identification
information regarding said home network; and
whether or not a device on other side of com-
munication is present on said same home net-
work is confirmed based on whether or not said
device on other side of communication has a
MAC address of said same local environment
management apparatus.

28. A computer program described in a computer-read-
able format so as to execute a process for authen-
ticating a device, on a home network connectable
to an external network via a router, on which a home
server for legitimately acquiring contents from said
external network and a client for making a request
for said contents for use are present, said computer
program characterized by comprising:

a local environment management step of con-
firming whether or not said home server and
said client are present on said home network;
and

a content-provision step of providing said con-
tents and/or issuing a license for said contents
to said client by said home server in response
to confirmation of presence of both said devices
on said same home network in said local envi-
ronment management step.

Amended claims under Art. 19.1 PCT 

1. (amended) A device-to-device authentication sys-
tem for authenticating a device on a home network
connectable to an external network via a router,
characterized by comprising:

means for holding a MAC address of said router
set as a default gateway; and
local environment management means for con-
firming whether or not another device access-
ing to said device on said home network is
present on said home network based on wheth-
er or not a MAC address of said request-source
device of accessing is identified or non-identi-
fied with a MAC address of said router set as a
default gateway.

2. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

one of said devices is a home server for legiti-
mately acquiring contents, whereas the other
of said devices is a client for making a request
for said contents to said home server for use;

wherein, in response to confirmation of pres-
ence of both devices on said same home network,
said home server provides said contents and/or is- 
sues a license for said contents to said client. 

3. The device-to-device authentication system ac- 
cording to claim 1, characterized in that:

two or more home servers are able to be in-
stalled on said home network;

wherein each of said home servers provides
said contents and/or issues a license for said con- 
tents to said clients that is confirmed to be present 
on said same home network. 

4. The device-to-device authentication system ac-
cording to claim 3, characterized in that:

said client is able to receive provision of said
contents and/or issuance of said license for
said contents from said two or more home serv-
ers on said same home network.

5. The device-to-device authentication system ac- 
cording to claim 3, characterized in that: 

said client is able to use said contents acquired
from a plurality of home servers on said same
home network, and, upon connection to a home
server on an other home network, said client is
not able to use said contents acquired from said
home servers on said home networks other 
than said other home network. 

6. (cancelled) 

7. (amended) A device-to-device authentication sys- 
tem for authenticating a device on a home network 
connectable to an external network via a router, 
characterized by comprising: 

means for sharing the same identification infor-
mation regarding said home network between
said devices on said same home network; and
said local environment management means 
confirms whether or not each of said devices is 
present on said same home network based on 
whether or not each of said devices shares the 
same identification information regarding said 
home network. 

8. The device-to-device authentication system ac- 
cording to claim 7, characterized in that: 

each of said devices acquires a MAC address 
of said router set as a default gateway as iden- 
tification information regarding said home net- 
work; and 

whether or not each of said devices is present 
on said same home network is confirmed based 
on whether or not each of said devices has a 
MAC address of said same default gateway. 

9. The device-to-device authentication system ac- 
cording to claim 7, characterized in that: 

a local environment management apparatus for 
supplying network identification information is 
installed on said home network; and 
each of said devices acquires a MAC address 
of said local environment management appa- 
ratus as identification information regarding 
said home network; and 
whether or not each of said device is present 
on said same home network is confirmed based 
on whether or not each of said devices has a 
MAC address of said same local environment 
management apparatus. 

10. (amended) A device-to-device authentication meth- 
od for authenticating a device on a home network 
connectable to an external network via a router, 
characterized by comprising: 

a step of holding a MAC address of said router 
set as a default gateway; and 
a local environment management step of con- 
firming whether or not another device access- 
ing to said device on said home network is 
present on said home network based on wheth- 
er or not a MAC address of said request-source 
device of accessing is identified or non-identi- 
fied with a MAC address of said router set as a 
default gateway. 

11. The device-to-device authentication method ac- 
cording to claim 10, characterized in that: 

one of said devices is a home server for legiti- 
mately acquiring contents, whereas the other 
of said devices is a client for making a request 
for said contents to said home server for use; 

wherein, in response to confirmation of presence
of both devices on said same home network
in said local environment management step, said
home server provides said contents and/or issues
a license for said contents to said client.

12. The device-to-device authentication method ac- 
cording to claim 10, characterized in that: 

two or more home servers are able to be in- 
stalled on said home network; 

wherein each of said home servers provides
said contents and/or issues a license for said contents
to said client that is confirmed to be present
on said same home network.

13. The device-to-device authentication method
according to claim 12, characterized in that:

said client is able to receive provision of said 
contents and/or issuance of said license for 
said contents from said two or more home serv- 
ers on said same home network. 

14. The device-to-device authentication method ac- 
cording to claim 12, characterized in that: 

said client is able to use said contents acquired 
from a plurality of home servers on said same 
home network, and, upon connection to a home 
server on another home network, said client is
not able to use said contents acquired from said 
home servers on said home networks other 
than said other home network. 

15. (cancelled) 

16. (amended) A device-to-device authentication method
for authenticating a device on a home network
connectable to an external network via a router, 
characterized by comprising: 

a step of sharing the same identification infor- 
mation regarding said home network between 
said devices on said same home network; and 
in said local environment management step, 
whether or not each of said devices is present 
on said same home network is confirmed based 
on whether or not each of said devices shares 
the same identification information regarding 
said home network. 

17. The device-to-device authentication method ac- 
cording to claim 16, characterized in that: 

in said local environment management step,
each of said devices acquires a MAC address
of said router set as a default gateway as
identification information regarding said home
network; and

whether or not each of said devices is present
on said same home network is confirmed based
on whether or not each of said devices has a
MAC address of said same default gateway.

18. The device-to-device authentication method
according to claim 16, characterized in that:

a local environment management apparatus for
supplying network identification information is
installed on said home network; and
in said local environment management step,
each of said devices acquires a MAC address
of said local environment management apparatus
as identification information regarding
said home network; and
whether or not each of said devices is present
on said same home network is confirmed based
on whether or not each of said devices has a
MAC address of said same local environment
management apparatus.

19. (amended) A communication apparatus for operating
on a home network connectable to an external
network via a router, characterized by comprising:

means for holding a MAC address of said router
set as a default gateway; and
local environment management means for confirming
whether or not another device accessing
to said device on said home network is
present on said home network based on whether
or not a MAC address of said request-source
device of accessing is identified or non-identified
with a MAC address of said router set as a
default gateway.

20. The communication apparatus according to claim
19, characterized in that:

said communication apparatus operates as a
home server for providing contents on said network; and

wherein said communication apparatus further
comprises content-provision means for providing
said contents and/or issuing a license for said
contents only to a device confirmed to be present
on said same home network by said local environment
management means.

21. The communication apparatus according to claim
19, characterized in that:

said communication apparatus operates as a
client for making a request for contents to a
home server for use on said network;

wherein said communication apparatus further
comprises content-using means for receiving
provision of said contents and/or issuance of a
license for said contents only from a home server
confirmed to be present on said same home network
by said local environment management
means.

22. The communication apparatus according to claim
21, characterized in that:

two or more home servers are able to be installed
on said home network;

wherein said content-using means receives
provision of said contents and/or issuance of a
license for said contents only from two or more home
servers confirmed to be present on said same home
network by said local environment management
means.

23. The communication apparatus according to claim
21, characterized in that:

said content-using means is able to use said
contents acquired from a plurality of home servers
on said same home network, and, upon
connection to a home server on another home
network, said client is not able to use said contents
acquired from said home servers on said
home networks other than said other home network.

24. (cancelled)

25. (amended) A communication apparatus operating
as a client for making request for contents to a home
server for use, on a home network connectable to
an external network via a router, characterized by
comprising:

means for sharing the same identification information
regarding said home network between
devices on said same home network; and
said local environment management means
confirms whether or not each of said devices is
present on said same home network based on
whether or not each of said devices shares the
same identification information regarding said
home network.

26. The communication apparatus according to claim
25, characterized in that:

said local environment management means 
acquires a MAC address of said router set as 
a default gateway as identification information 
regarding said home network; and 
whether or not a device on other side of com- 
munication is present on said same home net- 
work is confirmed based on whether or not said 
device on other side of communication has a 
MAC address of said same default gateway. 

27. The communication apparatus according to claim
25, characterized in that:

a local environment management apparatus for 
supplying network identification information is 
installed on said home network; and 
said local environment management means 
acquires a MAC address of said local environ- 
ment management apparatus as identification 
information regarding said home network; and
whether or not a device on other side of com- 
munication is present on said same home net- 
work is confirmed based on whether or not said 
device on other side of communication has a 
MAC address of said same local environment 
management apparatus. 

28. (amended) A computer program described in a 
computer-readable format so as to execute a proc- 
ess for authenticating a device, on a home network 
connectable to an external network via a router, on 
which a home server for legitimately acquiring con- 
tents from said external network and a client for 
making a request for said contents for use are 
present, said computer program characterized by 
comprising: 

a local environment management step of con- 
firming whether or not said home server and 
said client are present on said home network 
based on whether or not a MAC address of said 
request-source client of accessing is identified 
or non-identified with a MAC address of said 
router set as a default gateway; and 
a content-provision step of providing said con- 
tents and/or issuing a license for said contents 
to said client by said home server in response 
to confirmation of presence of both said devices 
on said same home network in said local envi- 
ronment management step. 

Statement under Art. 19.1 PCT

Claim 1 is amended for making it clear the point that
a device-to-device authentication system comprises 
means for holding a MAC address of said router set as 
a default gateway, and local environment management 
means confirms whether or not another device access- 
ing to said device on said home network is present on 
said home network "based on whether or not a MAC ad- 
dress of said device access requesting is identified or 
non-identified with a MAC address of said router set as 
a default gateway". Claim 6 is cancelled in accordance 
with the above amendment. 

Further claim 7 is amended to an independent 
claim and it makes it clear the point that the device-to- 
device authentication system comprises means for 
sharing the same identification information regarding 
said home network between said devices on said same 
home network. 

Furthermore, claim 10 is amended for making it 
clear the point that the device-to-device authentication 
method comprises a step of holding a MAC address of 
said router set as a default gateway, and, in a local en- 
vironment management step, whether or not another 
device accessing to said device on said home network 
is present on said home network is confirmed "based on 
whether or not a MAC address of said device access 
requesting is identified or non-identified with a MAC ad- 
dress of said router set as a default gateway". Claim 15 
is cancelled in accordance with the above amendment. 

Still further, claim 16 is amended for making it clear
the point that the device-to-device authentication meth- 
od comprises a step of sharing the same identification 
information regarding said home network between said 
devices on said same home network. 

Still further, claim 19 is amended for making it clear
the point that a communication apparatus comprises a 
holding means for holding a MAC address of said router 
set as a default gateway, and local environment man- 
agement means confirms whether or not another device 
accessing to said device on said home network is 
present on said home network "based on whether or not 
a MAC address of said device access requesting is iden- 
tified or non-identified with a MAC address of said router 
set as a default gateway". Claim 24 is cancelled in ac- 
cordance with the above amendment. 

Still further, claim 25 is amended to an independent 
claim and it makes it clear the point that the communi- 
cation apparatus comprises means for sharing the same 
identification information regarding said home network 
between said devices on said same home network. 

Still further, claim 28 is amended to an independent 
claim and it makes it clear the point that, in a local en- 
vironment management step, whether or not another 
device accessing to said device on said home network 
is present on said home network is confirmed "based on 
whether or not a MAC address of said device access 
requesting is identified or non-identified with a MAC
address of said router set as a default gateway".

It is to be noted that, in the description of the present
invention on page 16, line 2 to 4, there is specified that
"automatically identifying if access is made from the
home network by comparing a MAC address of the
correspondence device with a MAC address of the home
router".

In addition, in the description of the present invention
on page 24, line 2 to 6, there is specified that "The
server, to which the access request is made, fetches the
MAC address of the local identification apparatus from
the request packet and compares it with the MAC
address of the local identification apparatus acquired in
advance by itself".
